openSUSE Leap 15.5 SUSE-SU-2024:1103-1 important: qemu buffer overflow
opensuse
April 8, 2024
This update for qemu fixes the following issues: CVE-2024-26327: Fixed buffer overflow via invalid SR/IOV NumVFs value (bsc#1220062).
Description
This update for qemu fixes the following issues:
* CVE-2024-26327: Fixed buffer overflow via invalid SR/IOV NumVFs value
(bsc#1220062).
* CVE-2024-24474: Fixed integer overflow results in buffer overflow via SCSI
command (bsc#1220134).
* CVE-2023-6693: Fixed stack buffer overflow in virtio_net_flush_tx()
(bsc#1218484).
* CVE-2023-1544: Fixed out-of-bounds read in pvrdma_ring_next_elem_read()
(bsc#1209554).
* CVE-2024-26328: Fixed invalid NumVFs value handled in NVME SR/IOV
implementation (bsc#1220065).
The following non-security bug was fixed:
* Removing in-use mediated device should fail with error message instead of
hang (bsc#1205316).
Patch
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1103=1
* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-1103=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-1103=1 openSUSE-SLE-15.5-2024-1103=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-1103=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1103=1
Package List
* SUSE Package Hub 15 15-SP5 (noarch)
* qemu-microvm-7.1.0-150500.49.12.1
* qemu-sgabios-8-150500.49.12.1
* qemu-SLOF-7.1.0-150500.49.12.1
* qemu-seabios-1.16.0_0_gd239552-150500.49.12.1
* qemu-vgabios-1.16.0_0_gd239552-150500.49.12.1
* qemu-skiboot-7.1.0-150500.49.12.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* qemu-block-nfs-7.1.0-150500.49.12.1
* qemu-hw-usb-smartcard-debuginfo-7.1.0-150500.49.12.1
* qemu-accel-qtest-debuginfo-7.1.0-150500.49.12.1
* qemu-accel-qtest-7.1.0-150500.49.12.1
* qemu-ivshmem-tools-debuginfo-7.1.0-150500.49.12.1
* qemu-block-dmg-debuginfo-7.1.0-150500.49.12.1
* qemu-audio-oss-debuginfo-7.1.0-150500.49.12.1
* qemu-hw-usb-smartcard-7.1.0-150500.49.12.1
* qemu-extra-debuginfo-7.1.0-150500.49.12.1
* qemu-block-dmg-7.1.0-150500.49.12.1
* qemu-vhost-user-gpu-7.1.0-150500.49.12.1
* qemu-audio-oss-7.1.0-150500.49.12.1
* qemu-audio-jack-debuginfo-7.1.0-150500.49.12.1
* qemu-vhost-user-gpu-debuginfo-7.1.0-150500.49.12.1
* qemu-extra-7.1.0-150500.49.12.1
*...
Read the Full AdvisoryReferences
* bsc#1205316
* bsc#1209554
* bsc#1218484
* bsc#1220062
* bsc#1220065
* bsc#1220134
* jsc#PED-7366
* jsc#PED-8113
## References:
* https://www.suse.com/security/cve/CVE-2023-1544.html
* https://www.suse.com/security/cve/CVE-2023-6693.html
* https://www.suse.com/security/cve/CVE-2024-24474.html
* https://www.suse.com/security/cve/CVE-2024-26327.html
* https://www.suse.com/security/cve/CVE-2024-26328.html
* https://bugzilla.suse.com/show_bug.cgi?id=1205316
* https://bugzilla.suse.com/show_bug.cgi?id=1209554
* https://bugzilla.suse.com/show_bug.cgi?id=1218484
* https://bugzilla.suse.com/show_bug.cgi?id=1220062
* https://bugzilla.suse.com/show_bug.cgi?id=1220065
* https://bugzilla.suse.com/show_bug.cgi?id=1220134
*
*
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2024:1103-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!